Details of VAR-202101-1926

ID

VAR-202101-1926

CVE

CVE-2021-3156

TITLE

Sudo set_cmd() is vulnerable to heap-based buffer overflow

Trust: 0.8

sources: CERT/CC: VU#794544

DESCRIPTION

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. A heap-based overflow has been discovered in the set_cmd() function in sudo, which may allow a local attacker to execute commands with elevated administrator privileges.CVE-2021-3156 AffectedCVE-2021-3156 Affected. sudo has a heap-based buffer overflow due to the implementation of escaping special characters set in command arguments (CWE-122) Vulnerability exists. 2021 Year 2 Moon 5 As of the date macOS , AIX , Solaris It has been reported that it may also be affected by the virus, but it has not been confirmed by the finder. note that, 2021 Year 2 Moon 9 On the day Apple has released a security update to address this issue.A local third party can elevate privileges and execute commands with administrator privileges. Sensormatic Electronics Company ( Johnson Controls subsidiary) Illustra is a surveillance and security camera system. Illustra includes vulnerabilities related to boundary condition determination ( CWE-193 , CVE-2021-3156 ) exists.Installed in the product by a third party under certain conditions Linux Operating system administrator privileges can be obtained. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Bug Fix(es): * Previously, the Red Hat Virtualization Host (RHV-H) repository (rhvh-4-for-rhel-8-x86_64-rpms) did not include the libsmbclient package, which is a dependency for the sssd-ad package. Consequently, the sssd-ad package failed to install. With this update, the libsmbclient is now in the RHV-H repository, and sssd-ad now installs on RHV-H. (BZ#1868967) 4. Bugs fixed (https://bugzilla.redhat.com/): 1850939 - Hosted engine deployment does not properly show iSCSI LUN errors 1868967 - sssd-ad installation fails on RHV-H 4.4 due to missing libsmbclient from samba package in rhvh-4-for-rhel-8-x86_64-rpms channel 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker 1902315 - Rebase RHV-H 4.4 to RHV 4.4.4 1902646 - ssh connection fails due to overly permissive openssh.config file permissions 1909644 - HE deploy failed with "Failed to download metadata for repo 'rhel-8-for-x86_64-baseos-beta-rpms': Cannot download repomd.xml 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing 1921553 - RHVH upgrade to the latest 4.4.4-1 build will fail due to FileNotFoundError 1923126 - Hosted Engine setup fails on storage selection - Retrieval of iSCSI targets failed. 7.7) - ppc64, ppc64le, s390x, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: sudo security update Advisory ID: RHSA-2021:0221-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0221 Issue date: 2021-01-26 CVE Names: CVE-2021-3156 ==================================================================== 1. Summary: An update for sudo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix(es): * sudo: Heap buffer overflow in argument parsing (CVE-2021-3156) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: sudo-1.8.23-10.el7_9.1.src.rpm x86_64: sudo-1.8.23-10.el7_9.1.x86_64.rpm sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: sudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm sudo-devel-1.8.23-10.el7_9.1.i686.rpm sudo-devel-1.8.23-10.el7_9.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: sudo-1.8.23-10.el7_9.1.src.rpm x86_64: sudo-1.8.23-10.el7_9.1.x86_64.rpm sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: sudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm sudo-devel-1.8.23-10.el7_9.1.i686.rpm sudo-devel-1.8.23-10.el7_9.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: sudo-1.8.23-10.el7_9.1.src.rpm ppc64: sudo-1.8.23-10.el7_9.1.ppc64.rpm sudo-debuginfo-1.8.23-10.el7_9.1.ppc64.rpm ppc64le: sudo-1.8.23-10.el7_9.1.ppc64le.rpm sudo-debuginfo-1.8.23-10.el7_9.1.ppc64le.rpm s390x: sudo-1.8.23-10.el7_9.1.s390x.rpm sudo-debuginfo-1.8.23-10.el7_9.1.s390x.rpm x86_64: sudo-1.8.23-10.el7_9.1.x86_64.rpm sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: sudo-debuginfo-1.8.23-10.el7_9.1.ppc.rpm sudo-debuginfo-1.8.23-10.el7_9.1.ppc64.rpm sudo-devel-1.8.23-10.el7_9.1.ppc.rpm sudo-devel-1.8.23-10.el7_9.1.ppc64.rpm ppc64le: sudo-debuginfo-1.8.23-10.el7_9.1.ppc64le.rpm sudo-devel-1.8.23-10.el7_9.1.ppc64le.rpm s390x: sudo-debuginfo-1.8.23-10.el7_9.1.s390.rpm sudo-debuginfo-1.8.23-10.el7_9.1.s390x.rpm sudo-devel-1.8.23-10.el7_9.1.s390.rpm sudo-devel-1.8.23-10.el7_9.1.s390x.rpm x86_64: sudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm sudo-devel-1.8.23-10.el7_9.1.i686.rpm sudo-devel-1.8.23-10.el7_9.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: sudo-1.8.23-10.el7_9.1.src.rpm x86_64: sudo-1.8.23-10.el7_9.1.x86_64.rpm sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: sudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm sudo-devel-1.8.23-10.el7_9.1.i686.rpm sudo-devel-1.8.23-10.el7_9.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3156 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-002 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYBB9QtzjgjWX9erEAQjMkQ/+PUDUX16Tnzqt7l1CsDAkHsT89EyY1keR 5XAlnrEv0nfw+/Feb2zhjlAlGbZSE1pTHOB4WarZzz2edZW5PRDw2SnljPToGoF2 6e4rlxRMJzFzc1WiOl5VgIq2LsOrqE1x3smwx7UGloMNmld/wgNKzFyddlR3ya0/ k78GAgUD2K/riILpeSG9M3jkK6IX/ecAOV8cK4GnmVAyrc/I0ud+wp+AFaQdKOUd DJ08C4ktxCEDZnCMV7X0fheoVB08T2VUPqM3AT0mP8Q07RWElFNAYYzS0/0ABGdd G/bRXDOiP0Qp92gMjWi4zu8JJk1Yyt8vnXII30gr2dd4f/8O0X6N+fntkhpc86N0 mdXrPNBDXC6YJqahqtTH3ZMNWj37kSX5O0QIxRMMySIuPEhLdkF0A4CBGcP1qpaN BQf/nNAvYlkz70QTL91JkUL98X0Ih+O6IAPxT//C90VXwXTb2+XmBBYjA24/gHJn kpv9ZzJfeCSCVoa019u3r/8pkMIfiN69GpO2FQTJCP4MbIJPHeANp2lYEA+KHPqE XJvy0qh3YEs741KxKwzbaMgOTrYsoMvKhVeJZm0t5bpU5Y5TTF9fCVan8uJ8ke6d buQej1iyBUvPq+gMQvJhwiP1Q2rvgxPmHP+L3Awo9tTqm6b7WsqdRq5K+B025v+d NdZXKIPEQVY=7/vM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Bug Fix(es): * When performing an upgrade of the Red Hat Virtualization Host using the command `yum update`, the yum repository for RHV 4.3 EUS is unreachable As a workaround, run the following command: `# yum update --releasever=7Server` (BZ#1899378) 4. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. ========================================================================== Ubuntu Security Notice USN-4705-1 January 26, 2021 sudo vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Sudo. A local attacker could possibly use this issue to obtain unintended access to the administrator account. (CVE-2021-3156) It was discovered that the Sudo sudoedit utility incorrectly handled checking directory permissions. A local attacker could possibly use this issue to bypass file permissions and determine if a directory exists or not. (CVE-2021-23239) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: sudo 1.9.1-1ubuntu1.1 sudo-ldap 1.9.1-1ubuntu1.1 Ubuntu 20.04 LTS: sudo 1.8.31-1ubuntu1.2 sudo-ldap 1.8.31-1ubuntu1.2 Ubuntu 18.04 LTS: sudo 1.8.21p2-3ubuntu1.4 sudo-ldap 1.8.21p2-3ubuntu1.4 Ubuntu 16.04 LTS: sudo 1.8.16-0ubuntu1.10 sudo-ldap 1.8.16-0ubuntu1.10 In general, a standard system update will make all the necessary changes. 7) - aarch64, ppc64le, s390x 3. 8) - aarch64, ppc64le, s390x, x86_64 3

Trust: 4.05

sources: NVD: CVE-2021-3156 // CERT/CC: VU#794544 // JVNDB: JVNDB-2021-001020 // JVNDB: JVNDB-2021-002344 // VULHUB: VHN-383931 // VULMON: CVE-2021-3156 // PACKETSTORM: 161281 // PACKETSTORM: 161139 // PACKETSTORM: 161144 // PACKETSTORM: 161143 // PACKETSTORM: 161272 // PACKETSTORM: 161163 // PACKETSTORM: 161135 // PACKETSTORM: 161145 // PACKETSTORM: 161138

AFFECTED PRODUCTS

vendor:	oracle	model:	micros es400	scope:	gte	version:	400	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	eq	version:	9.2.8	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	33	Trust: 1.0
vendor:	netapp	model:	hci management node	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	micros es400	scope:	lte	version:	410	Trust: 1.0
vendor:	oracle	model:	tekelec platform distribution	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	gte	version:	10.3.0.0.0	Trust: 1.0
vendor:	synology	model:	diskstation manager unified controller	scope:	eq	version:	3.0	Trust: 1.0
vendor:	netapp	model:	ontap select deploy administration utility	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	micros kitchen display system	scope:	eq	version:	210	Trust: 1.0
vendor:	sudo	model:	sudo	scope:	eq	version:	1.9.5	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	gte	version:	10.4.0.1.0	Trust: 1.0
vendor:	sudo	model:	sudo	scope:	lt	version:	1.9.5	Trust: 1.0
vendor:	oracle	model:	micros workstation 6	scope:	gte	version:	610	Trust: 1.0
vendor:	oracle	model:	tekelec platform distribution	scope:	lte	version:	7.7.1	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	eq	version:	6.2	Trust: 1.0
vendor:	sudo	model:	sudo	scope:	lt	version:	1.8.32	Trust: 1.0
vendor:	synology	model:	skynas	scope:	eq	version:	-	Trust: 1.0
vendor:	sudo	model:	sudo	scope:	gte	version:	1.8.2	Trust: 1.0
vendor:	oracle	model:	micros workstation 6	scope:	lte	version:	655	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	netapp	model:	ontap tools	scope:	eq	version:	9	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	lte	version:	10.4.0.3.1	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	eq	version:	8.2.17	Trust: 1.0
vendor:	sudo	model:	sudo	scope:	gte	version:	1.9.0	Trust: 1.0
vendor:	beyondtrust	model:	privilege management for unix\/linux	scope:	lt	version:	10.3.2-10	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	lte	version:	10.3.0.2.1	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	netapp	model:	oncommand unified manager core package	scope:	eq	version:	-	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	32	Trust: 1.0
vendor:	synology	model:	vs960hd	scope:	eq	version:	-	Trust: 1.0
vendor:	beyondtrust	model:	privilege management for mac	scope:	lt	version:	21.1.1	Trust: 1.0
vendor:	oracle	model:	micros workstation 5a	scope:	eq	version:	5a	Trust: 1.0
vendor:	netapp	model:	solidfire	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	eq	version:	10.0.4	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	micros compact workstation 3	scope:	eq	version:	310	Trust: 1.0
vendor:	sudo	model:	sudo	scope:	-	version:	-	Trust: 0.8
vendor:	sudo	model:	sudo	scope:	eq	version:	1.9.0 to 1.9.5p1	Trust: 0.8
vendor:	sudo	model:	sudo	scope:	eq	version:	-	Trust: 0.8
vendor:	sudo	model:	sudo	scope:	eq	version:	1.8.2 to 1.8.31p2	Trust: 0.8
vendor:	sensormatic	model:	insight	scope:	-	version:	-	Trust: 0.8
vendor:	sensormatic	model:	flex gen 2	scope:	-	version:	-	Trust: 0.8
vendor:	sensormatic	model:	pro 2	scope:	-	version:	-	Trust: 0.8
vendor:	sensormatic	model:	pro gen 3	scope:	eq	version:	v2.8.0 all previous s	Trust: 0.8

sources: JVNDB: JVNDB-2021-001020 // JVNDB: JVNDB-2021-002344 // NVD: CVE-2021-3156

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-3156
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2021-3156
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-3156
value:	HIGH
Trust: 0.8
OTHER:	JVNDB-2021-002344
value:	HIGH
Trust: 0.8
VULHUB:	VHN-383931
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-3156
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-3156
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-383931
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-3156
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2021-3156
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
OTHER:	JVNDB-2021-002344
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-383931 // VULMON: CVE-2021-3156 // JVNDB: JVNDB-2021-001020 // JVNDB: JVNDB-2021-002344 // NVD: CVE-2021-3156 // NVD: CVE-2021-3156

PROBLEMTYPE DATA

problemtype:	CWE-193	Trust: 1.1
problemtype:	Heap-based buffer overflow (CWE-122) [IPA evaluation ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8
problemtype:	Determination of boundary conditions (CWE-193) [ others ]	Trust: 0.8

sources: VULHUB: VHN-383931 // JVNDB: JVNDB-2021-001020 // JVNDB: JVNDB-2021-002344 // NVD: CVE-2021-3156

THREAT TYPE

local

Trust: 0.2

sources: PACKETSTORM: 161163 // PACKETSTORM: 161135

TYPE

overflow, root

Trust: 0.5

sources: PACKETSTORM: 161139 // PACKETSTORM: 161144 // PACKETSTORM: 161143 // PACKETSTORM: 161145 // PACKETSTORM: 161138

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-383931

PATCH

title:	Buffer overflow in command line unescaping Apple Apple Security Updates	url:	https://www.sudo.ws/alerts/unescape_overflow.html	Trust: 0.8
title:	Product Security Advisory \| JCI-PSA-2021-13 (( PDF )	url:	https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2021/jci-psa-2021-13.pdf?la=en&hash=FC6A4C7293ABA5697AC763F92E4256CA4F3D7B1D	Trust: 0.8
title:	Red Hat: Important: sudo security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210227 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: sudo security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210221 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: sudo security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210225 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: sudo security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210224 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: sudo security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210222 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: sudo security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210226 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: sudo security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210218 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: sudo security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210223 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: sudo security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210219 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: sudo security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210220 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-4839-1 sudo -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=e39766a043b3a0185adba1c80532d955	Trust: 0.1
title:	Red Hat: Important: RHV-H security, bug fix, enhancement update (redhat-virtualization-host) 4.3.13	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210395 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Virtualization Host security bug fix and enhancement update [ovirt-4.4.4]	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210401 - Security Advisory	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2021-1478	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1478	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2021-1590	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1590	Trust: 0.1
title:	Cisco: Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sudo-privesc-jan2021-qnYQfcM	Trust: 0.1
title:	TA-Samedit	url:	https://github.com/stressboi/TA-Samedit	Trust: 0.1
title:	ScannerCVE-2021-3156	url:	https://github.com/SantiagoSerrao/ScannerCVE-2021-3156	Trust: 0.1
title:	TÃtulo del Proyecto	url:	https://github.com/lmol/CVE-2021-3156	Trust: 0.1
title:	CVE-2021-3156	url:	https://github.com/reverse-ex/CVE-2021-3156	Trust: 0.1
title:	LinuxDocLinks	url:	https://github.com/neolin-ms/LinuxDocLinks	Trust: 0.1
title:	Baron-Samedit	url:	https://github.com/AbdullahRizwan101/Baron-Samedit	Trust: 0.1
title:	CVE-2021-3156	url:	https://github.com/ph4ntonn/CVE-2021-3156	Trust: 0.1

sources: VULMON: CVE-2021-3156 // JVNDB: JVNDB-2021-001020 // JVNDB: JVNDB-2021-002344

EXTERNAL IDS

db:	NVD	id:	CVE-2021-3156	Trust: 6.1
db:	CERT/CC	id:	VU#794544	Trust: 2.7
db:	JVN	id:	JVNVU96493147	Trust: 1.6
db:	JVN	id:	JVNVU90511416	Trust: 1.6
db:	ICS CERT	id:	ICSA-22-256-01	Trust: 1.6
db:	PACKETSTORM	id:	161230	Trust: 1.1
db:	PACKETSTORM	id:	161160	Trust: 1.1
db:	PACKETSTORM	id:	161270	Trust: 1.1
db:	PACKETSTORM	id:	161293	Trust: 1.1
db:	MCAFEE	id:	SB10348	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/01/27/2	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/01/26/3	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/02/15/1	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/01/27/1	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/09/14/2	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2024/01/30/6	Trust: 1.0
db:	OPENWALL	id:	OSS-SECURITY/2024/01/30/8	Trust: 1.0
db:	PACKETSTORM	id:	176932	Trust: 1.0
db:	JVN	id:	JVNVU99480250	Trust: 0.8
db:	JVN	id:	JVNVU98963695	Trust: 0.8
db:	JVN	id:	JVNVU92304019	Trust: 0.8
db:	JVN	id:	JVNVU91343607	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-001020	Trust: 0.8
db:	JVN	id:	JVNVU96372273	Trust: 0.8
db:	ICS CERT	id:	ICSA-21-245-01	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-002344	Trust: 0.8
db:	PACKETSTORM	id:	161163	Trust: 0.2
db:	PACKETSTORM	id:	161143	Trust: 0.2
db:	PACKETSTORM	id:	161138	Trust: 0.2
db:	PACKETSTORM	id:	161144	Trust: 0.2
db:	PACKETSTORM	id:	161272	Trust: 0.2
db:	PACKETSTORM	id:	161139	Trust: 0.2
db:	PACKETSTORM	id:	161135	Trust: 0.2
db:	PACKETSTORM	id:	161281	Trust: 0.2
db:	PACKETSTORM	id:	161145	Trust: 0.2
db:	PACKETSTORM	id:	161141	Trust: 0.1
db:	PACKETSTORM	id:	161152	Trust: 0.1
db:	PACKETSTORM	id:	161140	Trust: 0.1
db:	PACKETSTORM	id:	161142	Trust: 0.1
db:	PACKETSTORM	id:	161398	Trust: 0.1
db:	PACKETSTORM	id:	161136	Trust: 0.1
db:	PACKETSTORM	id:	161137	Trust: 0.1
db:	SEEBUG	id:	SSVID-99117	Trust: 0.1
db:	VULHUB	id:	VHN-383931	Trust: 0.1
db:	VULMON	id:	CVE-2021-3156	Trust: 0.1

sources: CERT/CC: VU#794544 // VULHUB: VHN-383931 // VULMON: CVE-2021-3156 // PACKETSTORM: 161281 // PACKETSTORM: 161139 // PACKETSTORM: 161144 // PACKETSTORM: 161143 // PACKETSTORM: 161272 // PACKETSTORM: 161163 // PACKETSTORM: 161135 // PACKETSTORM: 161145 // PACKETSTORM: 161138 // JVNDB: JVNDB-2021-001020 // JVNDB: JVNDB-2021-002344 // NVD: CVE-2021-3156

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-3156	Trust: 2.5
url:	http://www.openwall.com/lists/oss-security/2021/01/26/3	Trust: 2.2
url:	http://jvn.jp/vu/jvnvu90511416/index.html	Trust: 1.6
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-01	Trust: 1.6
url:	https://www.kb.cert.org/vuls/id/794544	Trust: 1.1
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sudo-privesc-jan2021-qnyqfcm	Trust: 1.1
url:	https://security.netapp.com/advisory/ntap-20210128-0001/	Trust: 1.1
url:	https://security.netapp.com/advisory/ntap-20210128-0002/	Trust: 1.1
url:	https://support.apple.com/kb/ht212177	Trust: 1.1
url:	https://www.sudo.ws/stable.html#1.9.5p2	Trust: 1.1
url:	https://www.synology.com/security/advisory/synology_sa_21_02	Trust: 1.1
url:	https://www.debian.org/security/2021/dsa-4839	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2021/jan/79	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2021/feb/42	Trust: 1.1
url:	https://security.gentoo.org/glsa/202101-33	Trust: 1.1
url:	http://packetstormsecurity.com/files/161160/sudo-heap-based-buffer-overflow.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/161230/sudo-buffer-overflow-privilege-escalation.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/161270/sudo-1.9.5p1-buffer-overflow-privilege-escalation.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/161293/sudo-1.8.31p2-1.9.5p1-buffer-overflow.html	Trust: 1.1
url:	https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability	Trust: 1.1
url:	https://www.oracle.com//security-alerts/cpujul2021.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 1.1
url:	https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2021/01/27/1	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2021/01/27/2	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2021/02/15/1	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2021/09/14/2	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lhxk6ico5aylgfk2tax5mzkuxtukwojy/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cala5ftxiqbrryua2zqnjxb6oqmaxeii/	Trust: 1.0
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10348	Trust: 1.0
url:	http://packetstormsecurity.com/files/176932/glibc-syslog-heap-based-buffer-overflow.html	Trust: 1.0
url:	http://www.openwall.com/lists/oss-security/2024/01/30/8	Trust: 1.0
url:	http://www.openwall.com/lists/oss-security/2024/01/30/6	Trust: 1.0
url:	http://seclists.org/fulldisclosure/2024/feb/3	Trust: 1.0
url:	https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156	Trust: 1.0
url:	cve-2021-3156	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu96493147	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu92304019/	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98963695/	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu91343607/	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99480250/	Trust: 0.8
url:	https://www.jpcert.or.jp/at/2021/at210005.html	Trust: 0.8
url:	https://kb.cert.org/vuls/id/794544	Trust: 0.8
url:	https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu96372273	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu96493147/	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-245-01	Trust: 0.8
url:	https://access.redhat.com/security/vulnerabilities/rhsb-2021-002	Trust: 0.7
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2021-3156	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://access.redhat.com/security/team/key/	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.7
url:	https://access.redhat.com/articles/11258	Trust: 0.5
url:	https://access.redhat.com/articles/2974891	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25686	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-25685	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25684	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25685	Trust: 0.2
url:	https://access.redhat.com/security/vulnerabilities/rhsb-2021-001	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-25686	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-25684	Trust: 0.2
url:	https://usn.ubuntu.com/4705-1	Trust: 0.2
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10348	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lhxk6ico5aylgfk2tax5mzkuxtukwojy/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cala5ftxiqbrryua2zqnjxb6oqmaxeii/	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0401	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0225	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0222	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0221	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0395	Trust: 0.1
url:	https://usn.ubuntu.com/4705-2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/sudo/1.8.31-1ubuntu1.2	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23239	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/sudo/1.9.1-1ubuntu1.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/sudo/1.8.16-0ubuntu1.10	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/sudo/1.8.21p2-3ubuntu1.4	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0223	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0218	Trust: 0.1

sources: CERT/CC: VU#794544 // VULHUB: VHN-383931 // PACKETSTORM: 161281 // PACKETSTORM: 161139 // PACKETSTORM: 161144 // PACKETSTORM: 161143 // PACKETSTORM: 161272 // PACKETSTORM: 161163 // PACKETSTORM: 161135 // PACKETSTORM: 161145 // PACKETSTORM: 161138 // JVNDB: JVNDB-2021-001020 // JVNDB: JVNDB-2021-002344 // NVD: CVE-2021-3156

CREDITS

This document was written by Timur Snoke.Statement Date: February 15, 2021

Trust: 0.8

sources: CERT/CC: VU#794544

SOURCES

db:	CERT/CC	id:	VU#794544
db:	VULHUB	id:	VHN-383931
db:	VULMON	id:	CVE-2021-3156
db:	PACKETSTORM	id:	161281
db:	PACKETSTORM	id:	161139
db:	PACKETSTORM	id:	161144
db:	PACKETSTORM	id:	161143
db:	PACKETSTORM	id:	161272
db:	PACKETSTORM	id:	161163
db:	PACKETSTORM	id:	161135
db:	PACKETSTORM	id:	161145
db:	PACKETSTORM	id:	161138
db:	JVNDB	id:	JVNDB-2021-001020
db:	JVNDB	id:	JVNDB-2021-002344
db:	NVD	id:	CVE-2021-3156

LAST UPDATE DATE

2025-09-30T22:39:06.492000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#794544	date:	2021-04-26T00:00:00
db:	VULHUB	id:	VHN-383931	date:	2022-09-03T00:00:00
db:	VULMON	id:	CVE-2021-3156	date:	2024-02-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-001020	date:	2022-09-15T05:47:00
db:	JVNDB	id:	JVNDB-2021-002344	date:	2022-09-15T05:47:00
db:	NVD	id:	CVE-2021-3156	date:	2025-04-03T19:47:48.433

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#794544	date:	2021-02-04T00:00:00
db:	VULHUB	id:	VHN-383931	date:	2021-01-26T00:00:00
db:	VULMON	id:	CVE-2021-3156	date:	2021-01-26T00:00:00
db:	PACKETSTORM	id:	161281	date:	2021-02-03T16:36:53
db:	PACKETSTORM	id:	161139	date:	2021-01-27T14:06:12
db:	PACKETSTORM	id:	161144	date:	2021-01-27T14:06:54
db:	PACKETSTORM	id:	161143	date:	2021-01-27T14:06:46
db:	PACKETSTORM	id:	161272	date:	2021-02-03T16:22:29
db:	PACKETSTORM	id:	161163	date:	2021-01-28T13:59:34
db:	PACKETSTORM	id:	161135	date:	2021-01-27T14:05:32
db:	PACKETSTORM	id:	161145	date:	2021-01-27T14:07:05
db:	PACKETSTORM	id:	161138	date:	2021-01-27T14:06:02
db:	JVNDB	id:	JVNDB-2021-001020	date:	2021-02-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-002344	date:	2021-09-06T00:00:00
db:	NVD	id:	CVE-2021-3156	date:	2021-01-26T21:15:12.987